Survey: HIPAA Compliance Drops, Patient Concerns Grow

By M.L. Baker |
Posted 05-02-2006

Fewer hospitals and health care facilities are complying with federal laws to protect patient privacy, and more patients are refusing to sign forms to release health information, according to a survey by the American Health Information Management Association.
Such trends bode ill for the development of a national electronic exchange of health data, warned Dan Rode, AHIMA's vice president of Policy and Government Relations.

"If patients don't see institutions safeguarding their privacy now, how willing will they be to see information in an electronic form going through a network exchange?" he asked.

For the past three years, AHIMA has surveyed over a thousand hospitals and health care facilities about their compliance with HIPAA (Health Insurance Portability and Accountability Act) rules that protect patient privacy.

Though the proportion of facilities reporting "full compliance" held steady at around 40 percent, the proportion of respondents who said they believed they were less than 85 percent compliant increased from 9 percent in 2005 to 15 percent in 2006. AHIMA said this decrease was "not a significant change" but that the drop "should serve as a warning to the industry that compliance should not be taken for granted."

Respondents said "lack of resources" was the biggest barrier to compliance, particularly to training and educating new staff, and AHIMA concluded that institutions were making privacy less of a priority: "From comments made by the respondents, it appears that many privacy officers are doing their best, but their calls for more support and resources are going unheard."

At the same time, patients seem more concerned. The survey found that patients were asking more questions about the privacy of their health information, and 22 percent of institutions reported that some patients refused to sign release of information forms. Respondents at facilities with 5,000 to 20,000 admissions and discharges a year were most likely to report that patients had refused to sign forms. More than half of respondents at the very largest facilities (more than 50,000 admissions and discharges) said patients were asking more questions.

"Hospitals are not using IT to help with HIPAA compliance," said Roger Werman, head of RMW Associates, a consultancy for health care practices, based in Indialantic, Fla. Both Werman and Rode said a shift to electronic-based records would largely eliminate the biggest burden health care facilities face in HIPAA compliance: tracking what patient information is released to what entities.